By default, LemonLDAP::NG uses Apache logs to store user actions and other messages:
</p>
<ul>
<liclass="level1"><divclass="li"> Error log: all messages emitted by the program, depending on the configured log level</div>
</li>
<liclass="level1"><divclass="li"> Access log: the issuer of each request is identified</div>
</li>
</ul>
<p>
The log level can be set with Apache <code>LogLevel</code> parameter. It can be configured globally, or inside a virtual host.
</p>
<p>
See <ahref="http://httpd.apache.org/docs/current/mod/core.html#loglevel"class="urlextern"title="http://httpd.apache.org/docs/current/mod/core.html#loglevel"rel="nofollow">http://httpd.apache.org/docs/current/mod/core.html#loglevel</a> for more information.
</p>
<p>
To configure the user identifier in access log, go in Manager, <code>General Parameters</code>><code>Logging</code>><code>REMOTE_USER</code>.
</p>
<p>
You can also hide sensitive values in logs (session content can be displayed in logs in debug loglevel). Go in Manager, <code>General Parameters</code>><code>Logging</code>><code>Hidden attributes</code> and set a list of attributes to hide (space separated).
</p>
</div>
<!-- EDIT2 SECTION "Apache logging" [21-850] -->
<h2class="sectionedit3"id="syslog">Syslog</h2>
<divclass="level2">
<p>
LemonLDAP::NG can also use syslog (only for user actions).
</p>
<p>
In Manager, set syslog facility in <code>General Parameters</code>><code>Logging</code>><code>Syslog facility</code>.
</p>
<p>
The messages are stored with the levels :
</p>
<ul>
<liclass="level1"><divclass="li"><strong>info</strong> for user actions</div>
</li>
<liclass="level1"><divclass="li"><strong>notice</strong> for good authentications or external exchange (<abbrtitle="Security Assertion Markup Language">SAML</abbr>, OpenID,…)</div>
</li>
<liclass="level1"><divclass="li"><strong>warn</strong> for failed authentications</div>
<spanclass="re1">userError</span><spanclass="sy0">=</span><spanclass="re2"> sub <spanclass="br0">{</span> my <spanclass="br0">(</span>$self, $message<spanclass="br0">)</span> = @_</span><spanclass="co0">; ... }</span>
<spanclass="re1">userNotice</span><spanclass="sy0">=</span><spanclass="re2"> sub <spanclass="br0">{</span> my <spanclass="br0">(</span>$self, $message<spanclass="br0">)</span> = @_</span><spanclass="co0">; ... }</span></pre>